1 Reply Latest reply: Jul 16, 2014 3:20 AM by Simone Spanio RSS

    Problem with Single Sign On

      Hello all,

      I am new to Qlikview and I am trying to do a SSO configuration with my portal(Apache Webserver and Shibboleth SAML).


      Approach I am using is below

      1.User will make request to local apache server https://localhost/qlikview

      2. As this url is configured as secure resource at Shibboleth Service Provider, it will redirect the request to Shibboleth Identity      Provider for authentication.

      3. Identity  Provider authenticates the user (configured in our Active directory)and sets header attribute in response and pass it to Service Provider sitting on apache.

      4. Apache will redirect the user to qlikview through reverse proxy (configured in apache httpd.conf)

      .5. Qlikview will find the correct header and allow user to access the resource.



      Below is the configuration I have made at my Qlikview server end.

          1. I am changing the authentication type from NTLM to Header . As in my portal end I am using Header injection for authentication         and not NTLM.

           2. As of security wise I have tried both NTFS and DMS authorization but no luck.


      Below are the changes I have done in my httpd.conf file in Apache

      SSLProxyEngine on

      ProxyPass /qlikview http://serverIP/qlikview

      ProxyPassReverse /qlikview http://serverIP/qlikview



      ProxyPass /QvAJAXZfc http://serverIP/QvAJAXZfc

      ProxyPassReverse /QvAJAXZfc http://serverIP/QvAJAXZfc



      ProxyPass /QvAjaxZfc http://serverIP/QvAJAXZfc

      ProxyPassReverse /QvAjaxZfc http://serverIP/QvAJAXZfc


      Now when user logs into the portal and tries to access the qlikview server, user does not get redirected to the Qlikview url.

      I have also followed the official Qlikview SSO guide formerly known(Qlikview 10 Accesspoint SSO.pdf) but nothing seems to be working.

      If anyone can provide me guidance on how to configure Qlickview, what header params should be injected and anything i need to add at my active directory side would be of great help for me.

      Please help me to resolve this problem